Salesloft Drift reported a recent security event involving unauthorized user access to its Drift application, which integrates with Salesforce. Like thousands of companies globally, we use Drift. This event may impact our customer base, and we want to keep you informed of its potential implications.
Salesloft Drift has published a public update on this matter, which continues to be updated regularly. Salesforce reportedly disabled all instances of the Drift application and removed it from the Salesforce AppExchange.
At this time, our own team investigation is ongoing. We are actively collaborating with Salesforce and Salesloft, and have engaged both our internal security team and external cybersecurity specialists to thoroughly assess the scope of the incident.
We have taken immediate steps to secure access and are treating this matter with the highest priority.
While our investigation continues, we have identified evidence that certain information stored within our Salesforce instance was accessed by an unauthorized user through illegitimate access to the Drift application.
We have no indication that this has any effect on the Bugcrowd Platform, customer vulnerability data, our broader networked estate, or any payment details. Importantly, we see no evidence of ongoing malicious activity or any indicators of lateral movement outside of Salesforce. We are confident there is no further risk of additional malicious activity from this event across the Bugcrowd network.
We will continue to provide timely updates as more details become available, including whether your information was affected and any recommended next steps.
We greatly value your trust and patience as we work through this investigation. If you have any immediate concerns, please reach out to security@bugcrowd.com.